Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1122364 matches found

Nuclei
Nucleiadded yesterday57 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS5.9AI score0.32137EPSS
Exploits1References3
Nuclei
Nucleiadded yesterday30 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6.2AI score0.11478EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday29 views

Hoteldruid 3.0.5 - Cross-Site Scripting

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. id: CVE-2023-34537 info: name: Hoteldruid 3.0.5 - Cross-Site Scripting author: Harsh severity: medium...

5.4CVSS6AI score0.12864EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday53 views

WordPress Core <=6.2 - Directory Traversal

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. id: CVE-2023-2745 info: name: WordPress Core =6.2 - Directory Traversal author: nqdung2002 severity: medium description: | WordPress Core is vulnerable to Directory Traversal in...

6.1CVSS6.4AI score0.79284EPSS
Exploits7References2
Nuclei
Nucleiadded yesterday21 views

Piwigo - Cross-Site Scripting

Piwigo is vulnerable to a reflected XSS in the admin panel where the pluginid parameter is not properly sanitized. id: CVE-2023-44393 info: name: Piwigo - Cross-Site Scripting author: ritikchaddha severity: medium description: | Piwigo is vulnerable to a reflected XSS in the admin panel where the...

9.3CVSS6.4AI score0.06242EPSS
Exploits1References2
Nuclei
Nucleiadded yesterday28 views

Uniview NVR301-04S2-P4 - Cross-Site Scripting

Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...

5.4CVSS5.5AI score0.11904EPSS
Exploits0References2
Nuclei
Nucleiadded yesterday14 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS4.8AI score0.0554EPSS
Exploits4References5
Nuclei
Nucleiadded yesterday23 views

Devalcms 1.4a - Cross-Site Scripting

Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...

4.3CVSS5.6AI score0.08587EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday43 views

Stock Ticker <= 3.23.2 - Cross-Site Scripting

The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickerload function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.1CVSS7.1AI score0.03667EPSS
Exploits0References5
Nuclei
Nucleiadded yesterday51 views

WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting

WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php. id: CVE-2021-24498 info: name: WordPress...

6.1CVSS6.2AI score0.25481EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday19 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.7AI score0.84524EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday21 views

WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting

WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages. id: CVE-2021-24298 info: name: WordPress Simple...

6.1CVSS6.2AI score0.13939EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday15 views

Cloudron 6.2 Cross-Site Scripting

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting. id: CVE-2021-40868 info: name: Cloudron 6.2 Cross-Site Scripting author: daffainfo severity: medium description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site...

6.1CVSS6AI score0.26974EPSS
Exploits3References5
Nuclei
Nucleiadded yesterday23 views

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

5.4CVSS6AI score0.84015EPSS
Exploits1References2
Nuclei
Nucleiadded yesterday18 views

Opensis-Classic 8.0 - Cross-Site Scripting

Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php. id: CVE-2021-40542 info: name: Opensis-Classic 8.0 - Cross-Site Scripting author: alph4byt3 severity: medium...

6.1CVSS6.1AI score0.25259EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday44 views

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS7.1AI score0.15248EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday21 views

Wavlink WN-535G3 - Cross-Site Scripting

Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. id: CVE-2022-30489 info: name: Wavlink WN-535G3 - Cross-Site Scripting author: For3stCo1d severity: medium description: | Wavlink WN-535G3 contains a POST cross-site scripting...

6.1CVSS6.7AI score0.28752EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday13 views

phpMyFAQ < 3.1.8 - Cross-Site Scripting

phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users'...

7.3CVSS6.9AI score0.2358EPSS
Exploits3References3
Nuclei
Nucleiadded yesterday23 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.2AI score0.30915EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday20 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.30743EPSS
Exploits2References5
Rows per page
Query Builder